[Secure-testing-commits] r5740 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Apr 26 21:14:45 UTC 2007
Author: joeyh
Date: 2007-04-26 21:14:38 +0000 (Thu, 26 Apr 2007)
New Revision: 5740
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-26 19:28:09 UTC (rev 5739)
+++ data/CVE/list 2007-04-26 21:14:38 UTC (rev 5740)
@@ -1067,6 +1067,7 @@
CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the ...)
NOT-FOR-US: Eve-Nuke
CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
+ {DSA-1282-1}
- php4 <unfixed> (medium)
CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com ...)
NOT-FOR-US: D4J eZine
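Review bot: the added `{DSA-1282-1}` tag on CVE-2007-1777 sits directly above `- php4 <unfixed> (medium)`, so the entry now cites an advisory while still showing no fixed version. If a fixed php4 version is known from the advisory, record it on that line. Otherwise a short NOTE saying which release the advisory covers would keep readers from taking the pair as a contradiction.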
@@ -1186,6 +1187,7 @@
CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
NOT-FOR-US: mcweject
CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
+ {DSA-1282-1}
- php4 <unfixed> (medium)
[sarge] - php4 <not-affected> (Vulnerable code not present)
- php5 <unfixed> (medium)
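Review bot: on CVE-2007-1718 the new `{DSA-1282-1}` tag lands on an entry whose `[sarge] - php4 <not-affected> (Vulnerable code not present)` line says sarge needs no fix, and which also carries `- php5 <unfixed> (medium)`. The tag alone does not say which release, or which of php4 and php5, the advisory addresses. Confirm it against the DSA entry and consider adding a release-tagged line for the release that was actually fixed.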
@@ -1204,6 +1206,7 @@
CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
NOT-FOR-US: Active Auction Pro
CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...)
+ {DSA-1282-1}
- php4 <unfixed> (unimportant)
- php5 <unfixed> (unimportant)
NOTE: register_globals not supported
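Review bot: CVE-2007-1711 is rated `(unimportant)` for both php4 and php5 and carries `NOTE: register_globals not supported`, yet this hunk attaches `{DSA-1282-1}` to it. The severity and the advisory link look out of step with each other. Check whether the DSA really lists this CVE, and if it does, either revisit the unimportant rating or extend the NOTE to explain why an advisory still covered it.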
@@ -1642,6 +1645,7 @@
CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...)
- php5 <unfixed> (medium)
CVE-2007-1521 (Double free vulnerability in PHP 5.2.1 and earlier allows ...)
+ {DSA-1282-1}
- php5 <unfixed> (medium)
- php4 <unfixed> (medium)
CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 does ...)
@@ -1986,6 +1990,7 @@
CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of 20070304 ...)
- php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
+ {DSA-1282-1}
- php4 <unfixed> (low)
- php5 <unfixed> (low)
CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...)
@@ -2249,6 +2254,7 @@
[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
NOTE: Non-issue, explicit debug feature
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
+ {DSA-1282-1}
- php4 <unfixed> (low)
CVE-2007-1285 (The Zend Engine in PHP 4.x and 5.x allows remote attackers to cause a ...)
- php5 <unfixed> (unimportant)